Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ee1aef74 by Moritz Muehlenhoff at 2024-11-19T09:14:25+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -388,11 +388,11 @@ CVE-2024-41967 (A low privileged remote attackermay
modify the boot mode configu
CVE-2024-3370 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
NOT-FOR-US: Egebilgi Software Website Template
CVE-2024-37155 (OpenCTI is an open source platform allowing organizations to
manage th ...)
- TODO: check
+ NOT-FOR-US: OpenCTI
CVE-2024-28058 (In RSA NetWitness (NW) Platform before 12.5.1, even when an
administra ...)
NOT-FOR-US: RSA NetWitness (NW) Platform
CVE-2024-11319 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
- TODO: check
+ NOT-FOR-US: django-cms
CVE-2024-11318 (An IDOR (Insecure Direct Object Reference) vulnerability has
been disc ...)
NOT-FOR-US: AbsysNet
CVE-2024-11304 (Missing input validation in the SEH Computertechnik utnserver
Pro, SEH ...)
@@ -400,7 +400,7 @@ CVE-2024-11304 (Missing input validation in the SEH
Computertechnik utnserver Pr
CVE-2024-11303 (The pathname of the root directory to a Restricted Directory
('Path Tr ...)
NOT-FOR-US: Korenix JetPort
CVE-2024-11023 (Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie
to store ...)
- TODO: check
+ NOT-FOR-US: Firebase JavaScript SDK
CVE-2024-10390 (The Elfsight Telegram Chat CC plugin for WordPress is
vulnerable to un ...)
NOT-FOR-US: WordPress plugin
CVE-2024-0012 (An authentication bypass in Palo Alto Networks PAN-OS software
enables ...)
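Review bot: The CVE-2024-11023 line closes the TODO with "NOT-FOR-US: Firebase JavaScript SDK", but the subject is a JavaScript library rather than a standalone product, and nothing in the hunk shows whether the archive was searched for a vendored or bundled copy. If that search was done, the label is fine. If not, it is worth running before the TODO is dropped, because after this change the entry no longer carries any marker asking for a second look.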
@@ -1807,7 +1807,7 @@ CVE-2024-28728 (Cross Site Scripting vulnerability in
DLink DWR 2000M 5G CPE Wit
CVE-2024-28726 (An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and
Dlink DWR 5G ...)
NOT-FOR-US: D-Link
CVE-2024-21541 (All versions of the package dom-iterator are vulnerable to
Arbitrary C ...)
- TODO: check
+ NOT-FOR-US: Node dom-iterator
CVE-2024-21540
REJECTED
CVE-2024-11168 (The urllib.parse.urlsplit() and urlparse() functions
improperly valida ...)
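Review bot: The label on the CVE-2024-21541 line is written "Node dom-iterator", with an ecosystem prefix, while the other npm package closed in this same commit (CVE-2024-50336) is labelled plain "matrix-js-sdk". Pick one form for npm packages, either both with the prefix or both without, so that later searches of data/CVE/list by package name behave the same way for both entries.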
@@ -1989,7 +1989,7 @@ CVE-2024-50557 (A vulnerability has been identified in
RUGGEDCOM RM1224 LTE(4G)
CVE-2024-50386 (Account users in Apache CloudStack by default are allowed to
register ...)
NOT-FOR-US: Apache CloudStack
CVE-2024-50336 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK
for Jav ...)
- TODO: check
+ NOT-FOR-US: matrix-js-sdk
CVE-2024-50331 (An out-of-bounds read vulnerability in Ivanti Avalanche before
6.4.6 a ...)
NOT-FOR-US: Ivanti
CVE-2024-50330 (SQL injection in Ivanti Endpoint Manager before 2024 November
Security ...)
@@ -2324,7 +2324,7 @@ CVE-2024-43449 (Windows USB Video Class System Driver
Elevation of Privilege Vul
CVE-2024-43447 (Windows SMBv3 Server Remote Code Execution Vulnerability)
NOT-FOR-US: Microsoft
CVE-2024-43415 (An improper neutralization of special elements used in an SQL
command ...)
- TODO: check
+ NOT-FOR-US: decidim-module-decidim_awesome
CVE-2024-42442 (APTIOV contains a vulnerability in the BIOS where a user or
attacker m ...)
NOT-FOR-US: APTIOV
CVE-2024-40592 (An improper verification of cryptographic signature
vulnerability [CWE ...)
@@ -2350,7 +2350,7 @@ CVE-2024-36140 (A vulnerability has been identified in
OZW672 (All versions < V5
CVE-2024-35274 (An improper limitation of a pathname to a restricted directory
('Path ...)
NOT-FOR-US: FortiGuard
CVE-2024-33660 (An exploit is possible where an actor with physical access can
manipul ...)
- TODO: check
+ NOT-FOR-US: AMI
CVE-2024-33658 (APTIOV contains a vulnerability in BIOS where an attacker may
cause an ...)
NOT-FOR-US: APTIOV
CVE-2024-33510 (Animproper neutralization of special elements in output used
by a down ...)
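Review bot: CVE-2024-33660 gets the vendor label "NOT-FOR-US: AMI", while the adjacent context entry CVE-2024-33658 in this hunk, and CVE-2024-42442 in the previous one, use "NOT-FOR-US: APTIOV". The visible description is truncated before any product name, so the hunk alone does not show which product is affected. If it is the same firmware, use "APTIOV" to match its neighbours; if it is a different AMI product, name that product instead of the vendor alone.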
@@ -2440,9 +2440,9 @@ CVE-2024-10923 (Improper Neutralization of Input During
Web Page Generation (XSS
CVE-2024-10245 (The Relais 2FA plugin for WordPress is vulnerable to
authentication by ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10218 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR
Utility),monito ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2024-10217 (XSS Attack in mar.jar, Monitoring Archive Utility (MAR
Utility),monito ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2023-52268 (The End-User Portal module before 1.0.65 for FreeScout
sometimes allow ...)
NOT-FOR-US: FreeScout module
CVE-2023-50176 (A session fixation in Fortinet FortiOS version 7.4.0 through
7.4.3 and ...)
@@ -2549,7 +2549,7 @@ CVE-2024-51187 (TRENDnet TEW-651BR 2.04B1, TEW-652BRP
3.04b01, and TEW-652BRU 1.
CVE-2024-51186 (D-Link DIR-820L 1.05b03 was discovered to contain a remote
code execut ...)
NOT-FOR-US: D-Link
CVE-2024-51135 (An XML External Entity (XXE) vulnerability in the component
DocumentBu ...)
- TODO: check
+ NOT-FOR-US: powertac
CVE-2024-51054 (A Cross Site Scriptng (XSS) vulnerability was found in
/omrs/admin/sea ...)
NOT-FOR-US: PHPGurukul Online Marriage Registration System
CVE-2024-51026 (The NetAdmin IAM system (version 4.0.30319) has a Cross Site
Scripting ...)
@@ -2645,7 +2645,7 @@ CVE-2024-34014 (Arbitrary file overwrite during recovery
due to improper symboli
CVE-2024-29075 (Active debug code vulnerability exists in Mesh Wi-Fi router
RP562B fir ...)
NOT-FOR-US: Mesh Wi-Fi router RP562B firmware
CVE-2024-25255 (Sublime Text 4 was discovered to contain a command injection
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Sublime Text
CVE-2024-25254 (SuperScan v4.1 was discovered to contain a buffer overflow via
the Hos ...)
NOT-FOR-US: SuperScan
CVE-2024-25253 (Driver Booster v10.6 was discovered to contain a buffer
overflow via t ...)
@@ -2681,7 +2681,7 @@ CVE-2024-11068 (The D-Link DSL6740C modem has an
Incorrect Use of Privileged API
CVE-2024-11067 (The D-Link DSL6740C modem has a Path Traversal Vulnerability,
allowing ...)
NOT-FOR-US: D-Link
CVE-2024-10917 (In Eclipse OpenJ9 versions up to 0.47, the JNI function
GetStringUTFLe ...)
- TODO: check
+ NOT-FOR-US: Eclipse OpenJ9
CVE-2024-10790 (The Admin and Site Enhancements (ASE) plugin for WordPress is
vulnerab ...)
NOT-FOR-US: WordPress plugin
CVE-2024-10695 (The Futurio Extra plugin for WordPress is vulnerable to
Information Ex ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee1aef7439989101a45b2e8b66b8c9a4069f4a23
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits